Cloning RSA SecurID Tokens

Wednesday, May 23, 2012 @ 11:05 AM gHale

An attacker who has control over a victim's computer can now clone the secret software token that RSA's SecurID uses to generate one-time passwords.

The technique has major implications for the safekeeping of the tokens, said a senior security analyst at SensePost. An estimated 40 million people use various SecurID tokens to access confidential data belonging to government agencies, military contractors, and corporations.


Scrutiny of the widely used two-factor authentication system has grown since last year when RSA revealed hackers got on its network and stole SecurID information that could compromise security. Defense contractor Lockheed Martin later confirmed that a separate attack on its systems was a result of the theft of the RSA data.

By reverse engineering the software used to manage the cryptographic software tokens on computers running Microsoft's Windows operating system, SensePost's Behrang Fouladi found that anyone with control over such a machine could easily locate and copy the secret "seed". He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that exactly mimic the output of a targeted SecurID token.

“When the above has been performed, you should have successfully cloned the victim’s software token and if they run the SecurID software token program on your computer, it will generate the exact same random numbers that are displayed on the victim’s token,” Fouladi said.

He arrived at that conclusion by reverse engineering the Windows software that allows SecurID users to make one-time passwords appear on their PCs, rather than on match-case-sized hardware tokens RSA provides. The cryptographic seed values at the heart of the SecurID system make it mathematically infeasible for others to predict the output that changes every 90 seconds or so, but only if the values remain secret.

“It’s not uncommon for a large software company like ours to see security researchers demonstrate theoretical attacks on a product,” said RSA spokesman Kevin Kempskie. “We have a really experienced product security team and we take these things very seriously and we’re going to have them take a closer look at it.”

Fouladi found the RSA seed value is easy to obtain and copy by anyone with access to a computer that is lost, stolen, or compromised with a backdoor Trojan. By reading chunks of data returned by a proprietary Microsoft security interface known as the Data Protection Application Programming Interface (DPAPI), an attacker can obtain and copy the encrypted value. Even when an optional copy protection known as token binding is in place, an attacker can bypass it, because the required serial number is derived from a combination of the host name and the current user's Windows security identifier, both of which are stored on the computer.

He said lost or stolen smartphones might be susceptible to similar attacks, although he stressed he has no reason to believe an attacker can retrieve the values from smartphones infected with malware, as long as the devices have not been jailbroken or rooted.

“Should people stop using the SecurID software tokens? It depends,” he said. “It is dependent on the probability of the device being stolen or malicious applications installed from a dubious source. Personally, for high-risk situations, for example government agency laptops for staff that travel and frequently have to connect back to secure networks, using the token, I wouldn’t recommend it.”

Fouladi said RSA and its customers are targets of highly motivated hackers, so attack scenarios in which PCs are infected or stolen are not out of the realm of possibility. He suggested that sensitive RSA data should instead be managed by an industry-wide specification known as the Trusted Platform Module (TPM).
